SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

INTERNET STORM CENTER TECH CORNER

Do you know who is lurking on your network? Several high-profile data breaches have reminded us that devastating attacks do not always involve scheming criminals and sophisticated malware. Sometimes it's your own employees or trusted vendors who are exposing confidential data - whether they mean to or not. To learn more, download "Combating the Insider Threat," an e-book brought to you by Lancope, now part of Cisco. http://www.sans.org/info/186932

TOP OF THE NEWS

Symantec has fixed eight vulnerabilities in its security software. The critical flaws could be exploited without user interaction to allow remote code execution or damage default configurations of the affected products. In all, 17 Symantec products and eight Norton products are affected. Google's Project Zero notified Symantec of the vulnerabilities; the fixes were released before Project Zero released details of the flaws. The fixes are included in product updates, but some products cannot be automatically updated, so administrators will need to update manually.

US Courts 2015 Wiretap Report (June 30, 2016)

According to the US Courts 2015 Wiretap Report, the total number of federal and state wiretaps issued in 2015 was 4,148, a 17 percent increase from the number granted in 2014. No requests were reported as denied in 2015. While law enforcement encountered encryption in just 13 of those cases, the FBI indicated that it does not seek wiretap orders in cases where it knows it will encounter encryption. The report does not include wiretap requests made to the Foreign Intelligence Surveillance Court.

[Editor Comments] (Henry): During my 24-year career in the FBI I've worked many cases that utilized wiretaps. The technique has been incredibly effective in uncovering wide-scale criminal activity, and was critical in demonstrating proof beyond a reasonable doubt to a judge and/or jury. This sensitive investigative technique is highly regulated within the Department of Justice and the FBI, and the requirements to obtain one are rigorous. Unlike movies and television, FBI agents can't just decide they want to "go up on a wire" and have a Title III intercept within minutes. The process often requires weeks or even months of investigation to demonstrate that a particular device (a specific phone, for example) is being used for criminality. The request/affidavit then goes through multiple reviews by FBI attorneys and Assistant United States Attorneys, before it is even further reviewed at FBI headquarters and at the Department of Justice. After it is authorized, agents are mandated to regularly demonstrate to the court that the technique is uncovering criminal activity; if not, it must cease. I can't speak for state and local wiretaps, but many FBI wiretap requests were "denied" during this internal process before they ever were presented to a federal judge. Only those that had rock solid probable cause, and would sustain the justified scrutiny of the judicial branch, were ever put forward. The FBI was very serious about civil liberties, and in my experience, always balanced the needs of security against privacy, in accordance with applicable laws and the US Constitution. As it should be.

Read more in:
The Register: Encryption, wiretaps and the Feds: THE TRUTH - http://www.theregister.co.uk/2016/06/30/us_government_reports_encrypted_wiretaps_declining/
ZDNet: US courts didn't reject a single wiretap request in 2015, says report - http://www.zdnet.com/article/us-courts-did-not-reject-a-single-wiretap-last-year-says-new-report/
The Hill: Wiretaps harvest fewer encrypted communications - http://thehill.com/policy/cybersecurity/286177-wiretaps-harvest-fewer-encrypted-communications
US Courts: Wiretap Report 2015 - http://www.uscourts.gov/statistics-reports/wiretap-report-2015

Noodles & Company Payment Card Breach (June 29, 2016)

US restaurant chain Noodles & Company has acknowledged that its registers were infected with malware, allowing thieves to steal customers' payment card details. The registers were leaking data between January 31 and June 2, 2016.

CCTV Camera Botnet (June 28, 2016)

Attackers are using a botnet made up of more than 25,000 closed-circuit television (CCTV) cameras to launch distributed denial-of-service (DDoS) attacks against websites. US security company Sucuri detected the botnet while investigating an attack against the website of one of its customers.

Members of Russia's Duma, the country's lower house of parliament, have passed legislation that would require telecommunications companies to help the government decrypt communications upon request. The bill would also require the companies to store three years' worth of phone call and messaging metadata, and six months' worth of phone call and text message content. The bill now goes to the Federation Council, the upper house of Russia's parliament.

The New York Times is reporting that the EU is expected to approve the new draft of the US-EU Privacy Shield data transfer agreement. The new framework, developed to replace the Safe Harbor agreement that the European Court of Justice struck down last year, "protects the fundamental rights of Europeans and ensures legal certainty for businesses," according to European Commission spokesman Christian Wigand. The absence of an agreement has left US companies in limbo regarding European customer data. In early June, the Hamburg (Germany) Data Commissioner fined three companies for using the defunct Safe Harbor agreement to transfer European customer data to the US.

John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service.

Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response.

Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries.

Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security.

Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.

Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org).

Tom Liston is a member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded.

Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.

Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites.